Saturday, September 12, 2009

MUST-Use Privacy Plug-In "FaceCloak" for Facebook Users

University of Waterloo, Ontario researchers have developed FaceCloak, a browser plug-in that shields social network users' private data from both malicious users and social network providers.

Waterloo professor Urs Hengartner says the plug-in replaces sensitive information in a user's profile with news feeds and meaningless text that can only be unscrambled by trusted friends and contacts. Carnegie Mellon University (CMU) professor Alessandro Acquisti says most users are unaware of the privacy implications of posting personal information on social networking sites such as Facebook and MySpace.

In 2005, Acquisti and fellow CMU researcher Ralph Gross found that almost 80 percent of Facebook users revealed their birthday and the majority provided public access to their real-world address, which could provide enough information to commit identity theft. Acquisti says users have recently started changing their access options to protect their information more carefully, but social network providers have not been good at protecting user privacy because monetizing personal information could result in millions of dollars in revenue.

FaceCloak allows users to designate what information should be encrypted and made available only to friends. The user receives a secret access key and sends two other keys to friends. The keys are used to access the real information, which is stored on a separate server.

Similar tools are being developed by other academic teams, including a Cornell University plug-in called None of Your Business that encrypts profile information so it can be read only by a small group of friends.